Like barcode and voice data entry, RFID is a contactless information acquisition technology. RFID systems are wireless, and are usually extremely effective in hostile environments where conventional acquisition methods fail. RFID has established itself in a wide range of markets, such as, for example, the high-speed reading of railway containers, tracking moving objects such as livestock or automobiles, and retail inventory applications. As such, RFID technology has become a primary focus in automated data collection, identification and analysis systems worldwide.
Of late, companies are increasingly embodying RFID data acquisition technology in portable devices identifiable by hand. For example, RFID modules are being placed in a fob or tag for use in completing financial transactions. A typical fob includes a RF transponder and is typically a self-contained device which may be contained on any portable form factor. In some instances, a battery may be included with the fob to power the transponder, in which case the internal circuitry of the fob (including the transponder) may draw its operating power from the battery power source. Alternatively, the fob may exist independent of an internal power source. In this instance the internal circuitry of the fob (including the transponder) may gain its operating power directly from a RF interrogation signal provided by a RF reader. U.S. Pat. No. 5,053,774, issued to Schuermann, describes a typical transponder RF interrogation system which may be found in the prior art. The Schuermann patent describes in general the powering technology surrounding conventional transponder structures. U.S. Pat. No. 4,739,328 discusses a method by which a conventional transponder may respond to a RF interrogation signal. Other typical modulation techniques which may be used include, for example, ISO/IEC 14443 and the like.
In the conventional fob powering technologies used, the fob is typically activated upon presenting the fob in an interrogation signal. In this regard, the fob may be activated irrespective of whether the user desires such activation. These are called “passive” RFID devices. Alternatively, the fob may have an internal power source such that interrogation by the reader to activate the fob is not required. These RFID devices are termed “active” RFID devices.
One of the more visible uses of the RFID technology is found in the introduction of Exxon/Mobil's Speedpass® and Shell's EasyPay® products. These products use transponders placed in a fob or tag which enables automatic identification of the user when the fob is presented at a Point-of-Sale (POS) device. Fob identification data is typically passed to a third-party server database, where the identification data is referenced to a customer (e.g., user) credit or debit account. In an exemplary processing method, the server seeks authorization for the transaction by passing the transaction and account data to an authorizing entity, such as for example an “acquirer” or account issuer. Once the server receives authorization from the authorizing entity, the authorizing entity sends clearance to the point-of-sale device for completion of the transaction.
Minimizing fraud transactions in the RFID environment is typically important to the account issuer to lessen the loss associated with fraudulent RFID transaction device usage. One conventional method for securing RFID transactions involves requiring the device user to provide a secondary form of identification during transaction completion. For example, the RFID transaction device user may be asked to enter a personal identification number (PIN) into a keypad. The PIN may then be verified against a number associated with the user or the RFID transaction device, where the associated number is stored in an account issuer database. If the PIN number provided by the device user matches the associated number, then the transaction may be cleared for completion.
One problem with the conventional method of securing an RFID transaction is that the time for completing the transaction is increased. This is true since the RFID device user must delay the transaction to provide the alternate identification. The increased time for completing a transaction defeats one real advantage of the RFID transaction device, which is to permit expedient completion of a transaction since the account information may be passed to a reader without merchant involvement.
Another problem associated with conventional securing methods is that the customer identifying information (e.g., customer name, address, customer demographics, etc.) is susceptible to theft when transmitted from the RFID device to the RFID reader. Merchants often print the customer identifying information on a receipt for billing purposes. Alternatively, merchants store the customer identifying information for recordkeeping purposes, such as if the customer identifying information is needed to settle a transaction dispute. Typically, the merchant receives the customer identifying information from the RFID reader which receives the information from the RFID device as unencrypted data (“in-the-clear data”). The unencrypted data therefore may be intercepted by unscrupulous eavesdroppers bent on using the customer's identifying information for fraudulent purposes.
As such, a need exists for a method of securing a RFID transaction which does not increase the time needed to complete the transaction, and which method may be used without device user intervention. A further need exists for a system that secures customer identifying information transmitted in-the-clear.